Will disabling the charon and Apparmor profiles still let the VPN work? I don't fully understand the technicality of this.
Thanks.

On Sun, Nov 20, 2016 at 12:22 AM, Douglas Kosovic <d...@uq.edu.au> wrote:

> Sorry I gave bad advice, Apparmor complain mode won't help, it was the
> attach_disconnected in the patch which fixes the issue.
>
> Simplest solution without patching is to disable the charon and stroke
> Apparmor profiles as mentioned on:
> https://github.com/nm-l2tp/network-manager-l2tp/wiki
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1587886
>
> Title:
>   strongswan ipsec status issue with apparmor
>
> Status in One Hundred Papercuts:
>   Triaged
> Status in strongswan package in Ubuntu:
>   In Progress
>
> Bug description:
>   $ lsb_release -rd
>   Description: Ubuntu 16.04 LTS
>   Release: 16.04
>
>   $ apt-cache policy strongswan
>   strongswan:
>     Installed: 5.3.5-1ubuntu3
>     Candidate: 5.3.5-1ubuntu3
>     Version table:
>    *** 5.3.5-1ubuntu3 500
>           500 http://au.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
>           500 http://au.archive.ubuntu.com/ubuntu xenial/main i386 Packages
>           100 /var/lib/dpkg/status
>
>   Looks like 'ipsec status' might be causing strongswan's charon to
>   write to run/systemd/journal/dev-log instead of
>   /run/systemd/journal/dev-log and apparmor doesn't like it.
>
>   Extract from /etc/apparmor.d/abstractions/base :
>     /{,var/}run/systemd/journal/dev-log w,
>
>   With an established ipsec connection, issue the following :
>
>   $ sudo ipsec status
>   connecting to 'unix:///var/run/charon.ctl' failed: Permission denied
>   failed to connect to stroke socket 'unix:///var/run/charon.ctl'
>
>   $ journalctl
>   ...
>   Jun 01 12:15:07 ThinkCentre-M900 kernel: audit: type=1400
>   audit(1464785297.366:491): apparmor="DENIED" operation="connect"
>   info="Failed name lookup - disconnected path" error=-13
>   profile="/usr/lib/ipsec/charon" name="run/systemd/journal/dev-log"
>   pid=4994 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
>   ...
>
>   ProblemType: Bug
>   DistroRelease: Ubuntu 16.04
>   Package: strongswan 5.3.5-1ubuntu3
>   ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
>   Uname: Linux 4.4.0-22-generic x86_64
>   NonfreeKernelModules: wl
>   ApportVersion: 2.20.1-0ubuntu2.1
>   Architecture: amd64
>   CurrentDesktop: Unity
>   Date: Wed Jun 1 23:06:53 2016
>   InstallationDate: Installed on 2016-05-11 (21 days ago)
>   InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
>   PackageArchitecture: all
>   SourcePackage: strongswan
>   UpgradeStatus: No upgrade log present (probably fresh install)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/hundredpapercuts/+bug/1587886/+subscriptions

--
Aquib Mir
c. 647.997.1982

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1587886

Title:
  strongswan ipsec status issue with apparmor

To manage notifications about this bug go to:
https://bugs.launchpad.net/hundredpapercuts/+bug/1587886/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
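
The denial quoted in the bug description can be picked out of a journal or audit log mechanically. The following is an added example, not part of the original thread or of any project mentioned in it: a small parser that groups AppArmor "disconnected path" denials by profile. The function names are hypothetical, the first sample line is the record from the bug description joined onto one line, and the other two are constructed for contrast.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare_value pairs as they appear in audit records
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_apparmor_record(line):
    """Return the fields of an AppArmor audit record as a dict, or None."""
    if "apparmor=" not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in _KV.findall(line)}

def disconnected_denials(lines):
    """Map profile -> sorted names that were denied as disconnected paths."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_apparmor_record(line)
        if not rec or rec.get("apparmor") != "DENIED":
            continue
        # As in the record from the bug report, the info field carries
        # "disconnected path" and the name lacks its leading "/".
        if "disconnected path" in rec.get("info", ""):
            hits[rec.get("profile", "?")].add(rec.get("name", "?"))
    return {profile: sorted(names) for profile, names in hits.items()}

SAMPLE = [
    # Record from the bug description, joined onto one line.
    'Jun 01 12:15:07 ThinkCentre-M900 kernel: audit: type=1400 '
    'audit(1464785297.366:491): apparmor="DENIED" operation="connect" '
    'info="Failed name lookup - disconnected path" error=-13 '
    'profile="/usr/lib/ipsec/charon" name="run/systemd/journal/dev-log" '
    'pid=4994 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0',
    # Constructed: an ordinary denial on an absolute path (not reported).
    'Jun 01 12:15:09 host kernel: audit: type=1400 audit(1464785299.100:492): '
    'apparmor="DENIED" operation="open" profile="/usr/sbin/example" '
    'name="/etc/example.conf" pid=5000 comm="example" requested_mask="r" '
    'denied_mask="r" fsuid=0 ouid=0',
    # Constructed: unrelated journal line.
    'Jun 01 12:15:10 host systemd[1]: Started Example Service.',
]

if __name__ == "__main__":
    for profile, names in disconnected_denials(SAMPLE).items():
        print(profile, "->", ", ".join(names))
```

Profiles that show up in the result are the ones for which the attach_disconnected change mentioned in the thread is relevant; ordinary denials on absolute paths are left out.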